Adds the client ID for the given tenant ID to our system.
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_clusters_by_date_range()
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadClustersByDateRangeCount()
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadClustersByDateRangeCount")
print(response)
Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_clusters_by_version(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadClustersByKubernetesVersionCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadClustersByKubernetesVersionCount", filter="string")
print(response)
Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_clusters_by_status(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadClustersByStatusCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadClustersByStatusCount", filter="string")
print(response)
ReadClusterCount
Retrieve cluster counts
PEP8 method name
read_cluster_count
Endpoint
Method
Route
/container-security/aggregates/clusters/count/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_cluster_count(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadClusterCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadClusterCount", filter="string")
print(response)
Get container counts using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_containers_by_date_range(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainersByDateRangeCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainersByDateRangeCount", filter="string")
print(response)
(true/false) whether to return registries under assessment or not under assessment. If not provided all registries are considered
limit
query
integer
The upper-bound on the number of records to retrieve.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_containers_by_registry(under_assessment=boolean, limit=integer)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainerCountByRegistry(under_assessment=boolean, limit=integer)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainerCountByRegistry", under_assessment=boolean, limit=integer)
print(response)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_zero_day_affected_counts()
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.FindContainersCountAffectedByZeroDayVulnerabilities()
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("FindContainersCountAffectedByZeroDayVulnerabilities")
print(response)
ReadVulnerableContainerImageCount
Retrieve count of vulnerable images running on containers
Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerable_container_count(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadVulnerableContainerImageCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadVulnerableContainerImageCount", filter="string")
print(response)
Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_container_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainerCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainerCount", filter="string")
print(response)
The upper-bound on the number of container records to retrieve.
offset
query
integer
It is used to get the offset
sort
query
string
Field to sort results by
filter
query
string
Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.find_containers_by_runtime_version(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.FindContainersByContainerRunTimeVersion(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("FindContainersByContainerRunTimeVersion",
limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.group_managed_containers(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.GroupContainersByManaged(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GroupContainersByManaged", filter="string")
print(response)
ReadContainerImageDetectionsCountByDate
Retrieve count of image assessment detections on running containers over a period of time
Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_detections_count_by_date(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainerImageDetectionsCountByDate(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainerImageDetectionsCountByDate", filter="string")
print(response)
ReadContainerImagesByState
Retrieve count of image states running on containers
Filter using a query in Falcon Query Language (FQL). Supported filters: cid
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_images_by_state(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainerImagesByState(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainerImagesByState", filter="string")
print(response)
ReadContainersSensorCoverage
Bucket containers by agent type and calculate sensor coverage
Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_sensor_coverage(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainersSensorCoverage(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainersSensorCoverage", filter="string")
print(response)
ReadContainerVulnerabilitiesBySeverityCount
Retrieve container vulnerabilities by severity counts
Get vulnerabilities count by severity for container using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerability_counts_by_severity(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainerVulnerabilitiesBySeverityCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainerVulnerabilitiesBySeverityCount", filter="string")
print(response)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_deployment_counts_by_date_range()
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadDeploymentsByDateRangeCount()
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadDeploymentsByDateRangeCount")
print(response)
Retrieve count of Kubernetes deployments that match a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_deployment_count(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadDeploymentCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadDeploymentCount", filter="string")
print(response)
One or more cluster ids for which to retrieve enrichment info
filter
query
string
Supported filters: last_seen
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.read_cluster_enrichment(cluster_id=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.ReadClusterEnrichment(cluster_id=id_list, filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.command("ReadClusterEnrichment", cluster_id=id_list, filter="string")
print(response)
One or more container ids for which to retrieve enrichment info
filter
query
string
Supported filters: last_seen
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.read_container_enrichment(container_id=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.ReadContainerEnrichment(container_id=id_list, filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.command("ReadContainerEnrichment", container_id=id_list, filter="string")
print(response)
One or more deployment ids for which to retrieve enrichment info
filter
query
string
Supported filters: last_seen
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.read_deployment_enrichment(deployment_id=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.ReadDeploymentEnrichment(deployment_id=id_list, filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.command("ReadDeploymentEnrichment", deployment_id=id_list, filter="string")
print(response)
One or more node names for which to retrieve enrichment info
filter
query
string
Supported filters: last_seen
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.read_node_enrichment(node_name=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.ReadNodeEnrichment(node_name=id_list, filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.command("ReadNodeEnrichment", node_name=id_list, filter="string")
print(response)
One or more pod ids for which to retrieve enrichment info
filter
query
string
Supported filters: last_seen
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.read_pod_enrichment(pod_id=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.ReadPodEnrichment(pod_id=id_list, filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# You may also provide a list of strings here: ["ID1", "ID2", "ID3"]response=falcon.command("ReadPodEnrichment", pod_id=id_list, filter="string")
print(response)
ReadDistinctContainerImageCount
Retrieve count of distinct images running on containers
Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_distinct_image_count(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadDistinctContainerImageCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadDistinctContainerImageCount", filter="string")
print(response)
Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_images_by_most_used(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainerImagesByMostUsed(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainerImagesByMostUsed", filter="string")
print(response)
ReadKubernetesIomByDateRange
Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.
Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_iom_count_by_date_range(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadKubernetesIomByDateRange(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadKubernetesIomByDateRange", filter="string")
print(response)
Service class example (PEP8 / Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_namespaces_by_date_range()
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadNamespacesByDateRangeCount")
print(response)
Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cloud_service,cluster_id,cluster_name,first_seen,kac_agent_id,last_seen,namespace_id,namespace_name,resource_status
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 / Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_namespace_count(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadNamespaceCount", filter="string")
print(response)
ReadKubernetesIomCount
Returns the total count of Kubernetes IOMs over the past seven days
Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_iom_count(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadKubernetesIomCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadKubernetesIomCount", filter="string")
print(response)
Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_node_counts_by_cloud(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadNodesByCloudCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadNodesByCloudCount", filter="string")
print(response)
Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_nodes_by_container_engine_version(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadNodesByContainerEngineVersionCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadNodesByContainerEngineVersionCount", filter="string")
print(response)
Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_node_counts_by_date_range(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadNodesByDateRangeCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadNodesByDateRangeCount", filter="string")
print(response)
ReadNodeCount
Retrieve node counts
PEP8 method name
read_node_counts
Endpoint
Method
Route
/container-security/aggregates/nodes/count/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Retrieve count of Kubernetes nodes that match a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_node_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadNodeCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadNodeCount", filter="string")
print(response)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_pod_counts_by_date_range()
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadPodsByDateRangeCount()
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadPodsByDateRangeCount")
print(response)
ReadPodCount
Retrieve pod counts
PEP8 method name
read_pod_counts
Endpoint
Method
Route
/container-security/aggregates/pods/count/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Retrieve count of Kubernetes pods that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_pod_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadPodCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadPodCount", filter="string")
print(response)
ReadClusterCombined
Retrieve kubernetes clusters identified by the provided filter criteria
PEP8 method name
read_clusters_combined
Endpoint
Method
Route
/container-security/combined/clusters/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Search Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
sort
query
string
Field to sort results by
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_clusters_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadClusterCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadClusterCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
ReadRunningContainerImages
Retrieve images on running containers
PEP8 method name
read_running_images
Endpoint
Method
Route
/container-security/combined/container-images/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Retrieve list of images on running containers using a query in Falcon Query Language (FQL). Supported filters: cid,hosts,image_digest,image_has_been_assessed,image_id,image_name,image_registry,image_repository,image_tag,last_seen,running_status
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
sort
query
string
Field to sort results by
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_running_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadRunningContainerImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS= {
"filter": "string",
"limit": integer,
"offset": integer,
"sort": "string"
}
response=falcon.command("ReadRunningContainerImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
ReadContainerCombined
Retrieve containers identified by the provided filter criteria
PEP8 method name
read_containers_combined
Endpoint
Method
Route
/container-security/combined/containers/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
sort
query
string
Field to sort results by
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_containers_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadContainerCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadContainerCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
ReadDeploymentCombined
Retrieve kubernetes deployments identified by the provided filter criteria
PEP8 method name
read_deployments_combined
Endpoint
Method
Route
/container-security/combined/deployments/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Search Kubernetes deployments using a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
sort
query
string
Field to sort results by
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_deployments_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadDeploymentCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadDeploymentCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
SearchAndReadKubernetesIomEntities
Search Kubernetes IOM by the provided search criteria
PEP8 method name
search_and_read_ioms
Endpoint
Method
Route
/container-security/combined/kubernetes-ioms/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
sort
query
string
The fields to sort the records on.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.search_and_read_ioms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.SearchAndReadKubernetesIomEntities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("SearchAndReadKubernetesIomEntities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
ReadNodeCombined
Retrieve kubernetes nodes identified by the provided filter criteria
PEP8 method name
read_nodes_combined
Endpoint
Method
Route
/container-security/combined/nodes/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
sort
query
string
Field to sort results by
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_nodes_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadNodeCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadNodeCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
ReadPodCombined
Retrieve kubernetes pods identified by the provided filter criteria
PEP8 method name
read_pods_combined
Endpoint
Method
Route
/container-security/combined/pods/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Search Kubernetes pods using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
sort
query
string
Field to sort results by
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_pods_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadPodCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadPodCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
ReadKubernetesIomEntities
Retrieve Kubernetes IOM entities identified by the provided IDs
PEP8 method name
read_iom_entities
Endpoint
Method
Route
/container-security/entities/kubernetes-ioms/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
array (string)
Search Kubernetes IOMs by ids - The maximum amount is 100 IDs
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.read_iom_entities(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.ReadKubernetesIomEntities(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("ReadKubernetesIomEntities", ids=id_list)
print(response)
SearchKubernetesIoms
Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query
PEP8 method name
search_ioms
Endpoint
Method
Route
/container-security/queries/kubernetes-ioms/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
sort
query
string
The fields to sort the records on.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.search_ioms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.SearchKubernetesIoms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS= {
"filter": "string",
"limit": integer,
"offset": integer,
"sort": "string"
}
response=falcon.command("SearchKubernetesIoms",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
GetAWSAccountsMixin0
Provides a list of AWS accounts.
PEP8 method name
get_aws_accounts
Endpoint
Method
Route
/kubernetes-protection/entities/accounts/aws/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
AWS Account ID(s).
is_horizon_account
query
string
Filter by whether an account originates from Horizon or not. Allowed values: False or True
limit
query
integer
Maximum number of records to return.
offset
query
integer
Starting index of overall result set from which to return ids.
parameters
query
dictionary
Full query string parameters payload in JSON format.
status
query
string
Filter by account status.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_aws_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetAWSAccountsMixin0(status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetAWSAccountsMixin0",
status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
Creates a new AWS account in our system for a customer and generates the installation script
PEP8 method name
create_aws_account
Endpoint
Method
Route
/kubernetes-protection/entities/accounts/aws/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
account_id
body
string
Account ID.
region
body
string
Cloud region.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.create_aws_account(account_id="string", region="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CreateAWSAccount(account_id="string", region="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY= {
"resources": [
{
"account_id": "string",
"region": "string"
}
]
}
response=falcon.command("CreateAWSAccount", body=BODY)
print(response)
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.delete_aws_accounts(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.DeleteAWSAccountsMixin0(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("DeleteAWSAccountsMixin0", ids=id_list)
print(response)
Updates the AWS account per the query parameters provided
PEP8 method name
update_aws_account
Endpoint
Method
Route
/kubernetes-protection/entities/accounts/aws/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
AWS Account ID(s) to update.
parameters
query
dictionary
Full query string parameters payload in JSON format.
region
query
string
Default region for account automation.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.update_aws_account(region="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.UpdateAWSAccount(region="string", ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("UpdateAWSAccount", region="string", ids=id_list)
print(response)
Provides the azure subscriptions registered to Kubernetes Protection.
PEP8 method name
list_azure_accounts
Endpoint
Method
Route
/kubernetes-protection/entities/accounts/azure/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
Azure Tenant ID(s).
subscription_id
query
string or list of strings
Azure Subscription ID(s).
is_horizon_account
query
boolean
Flag indicating if we should filter by accounts originating from Horizon.
limit
query
integer
Maximum number of records to return.
offset
query
integer
Starting index of overall result set from which to return ids.
parameters
query
dictionary
Full query string parameters payload in JSON format.
status
query
string
Filter by account status (operational or provisioned).
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']sub_list='SUB1,SUB2,SUB3'# Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']response=falcon.list_azure_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']sub_list='SUB1,SUB2,SUB3'# Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']response=falcon.ListAzureAccounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']sub_list='SUB1,SUB2,SUB3'# Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']response=falcon.command("ListAzureAccounts",
status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.create_azure_subscription(subscription_id="string", tenant_id="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY= {
"resources": [
{
"subscription_id": "string",
"tenant_id": "string"
}
]
}
response=falcon.command("CreateAzureSubscription", body=BODY)
print(response)
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.delete_azure_subscription(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.DeleteAzureSubscription(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("DeleteAzureSubscription", ids=id_list)
print(response)
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='aws,azure,gcp'# Can also pass a list here: ['aws', 'azure', 'gcp']response=falcon.get_locations(clouds=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='aws,azure,gcp'# Can also pass a list here: ['aws', 'azure', 'gcp']response=falcon.GetLocations(clouds=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='aws,azure,gcp'# Can also pass a list here: ['aws', 'azure', 'gcp']response=falcon.command("GetLocations", clouds=id_list)
print(response)
Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
PEP8 method name
get_cloud_clusters
Endpoint
Method
Route
/kubernetes-protection/entities/cloud_cluster/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
cluster_service
query
string or list of strings
Cluster Service.
cluster_status
query
string or list of strings
Cluster Status.
ids
query
string or list of strings
Cloud Account IDs.
locations
query
string or list of strings
Cloud location.
limit
query
integer
Limit returned results.
offset
query
integer
Pagination offset.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required when using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a listresponse=falcon.get_cloud_clusters(cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a listresponse=falcon.GetCombinedCloudClusters(cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a listresponse=falcon.command("GetCombinedCloudClusters",
cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
Full query string parameters payload in JSON format. Not required when using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_azure_tenant_config(ids=id_list,
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetAzureTenantConfig(ids=id_list,
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetAzureTenantConfig",
ids=id_list,
limit=integer,
offset=integer
)
print(response)
Get static bash scripts that are used during registration.
PEP8 method name
get_static_scripts
Endpoint
Method
Route
/kubernetes-protection/entities/gen/scripts/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/octet-stream
Keyword Arguments
No keywords or arguments accepted.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_static_scripts()
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.GetStaticScripts()
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GetStaticScripts")
print(response)
Provides all the azure subscriptions and tenants IDs.
PEP8 method name
get_azure_tenant_ids
Endpoint
Method
Route
/kubernetes-protection/entities/tenants/azure/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
Cloud Account IDs.
status
query
string
Cluster status. (Not Installed, Running, Stopped)
limit
query
integer
Limit returned results.
offset
query
integer
Pagination offset.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required when using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_azure_tenant_ids(ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetAzureTenantIDs(ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetAzureTenantIDs",
ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
Full query string parameters payload in JSON format. Not required when using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_azure_install_script(id="string",
subscription_id=id_list,
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetAzureInstallScript(id="string",
subscription_id=id_list
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list="ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetAzureInstallScript",
id="string",
subscription_id=id_list
)
print(response)
Cluster name. For EKS this will be the cluster ARN.
is_self_managed_cluster
query
boolean
Set to True if the cluster is not managed by a cloud provider, and False if it is.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_helm_values_yaml(cluster_name="string", is_self_managed_cluster=boolean)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.GetHelmValuesYaml(cluster_name="string", is_self_managed_cluster=boolean)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GetHelmValuesYaml",
cluster_name="string",
is_self_managed_cluster=boolean
)
print(response)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.regenerate()
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.RegenerateAPIKey()
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("RegenerateAPIKey")
print(response)
Cluster name. For EKS this will be the cluster ARN.
account_ids
query
string or list of strings
Cluster account ID. For EKS this will be the AWS account ID.
locations
query
string or list of strings
Cloud location.
cluster_service
query
string
Cluster service.
limit
query
integer
Maximum number of results to return.
offset
query
integer
Starting offset to begin returning results.
status
query
string or list of strings
Cluster status.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters='CLID1,CLID2,CLID3'# Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']accounts='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']locations='LOC1,LOC2,LOC3'# Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']status_types='STAT1,STAT2,STAT3'# Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']response=falcon.get_clusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters='CLID1,CLID2,CLID3'# Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']accounts='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']locations='LOC1,LOC2,LOC3'# Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']status_types='STAT1,STAT2,STAT3'# Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']response=falcon.GetClusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters='CLID1,CLID2,CLID3'# Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']accounts='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']locations='LOC1,LOC2,LOC3'# Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']status_types='STAT1,STAT2,STAT3'# Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']response=falcon.command("GetClusters",
cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
Triggers a dry run or a full scan of a customer's kubernetes footprint.
PEP8 method name
trigger_scan
Endpoint
Method
Route
/kubernetes-protection/entities/scan/trigger/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
scan_type
query
string
Type of scan to perform, cluster-refresh, dry-run or full. Defaults to dry-run.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.trigger_scan(scan_type="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.TriggerScan(scan_type="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("TriggerScan", scan_type="string")
print(response)
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.update_azure_service_principal(id="string", client_id="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportKubernetesProtection# Do not hardcode API credentials!falcon=KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.PatchAzureServicePrincipal(id="string", client_id="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")
print(response)